Dark C0d3rs

High
resolved

SSRF Filter Bypass via Unblocked NAT64 Local-Use IPv6 Prefix (64:ff9b:1::/48)

Bug reported by tipsen was disclosed at March 31, 2026, 2:31 am | Server-Side Request Forgery (SSRF)

A vulnerability was discovered in the `ssrf_filter` library version 1.3.0. The library failed to block the NAT64 local-use IPv6 prefix `64:ff9b:1::/48`, allowing such addresses to be treated as public. This enabled SSRF requests through `/fetch` to targets encoded under that prefix when routable in the deployment environment.

Medium
resolved

Path Traversal in writeFile via Unsafe Prefix Containment Check Allows Out-of-Directory Writes

Bug reported by tipsen was disclosed at March 31, 2026, 2:04 am | Path Traversal

A path traversal vulnerability was discovered in the `protodump` tool. The vulnerability allowed an attacker to influence the output filename construction and bypass the containment check, enabling writes outside the intended output directory. The vulnerability was caused by the use of descriptor-controlled paths in the output filename construction, along with an unsafe lexical prefix check for directory containment. This issue has been identified in the `protodump` tool.

Medium
resolved

hashXploiter

SSRF Filter Bypass via Unblocked NAT64 Local-Use IPv6 Prefix (64:ff9b:1::/48)

Path Traversal in writeFile via Unsafe Prefix Containment Check Allows Out-of-Directory Writes

HashDoS in V8

Permission Model Bypass in realpathSync.native Allows File Existence Disclosure

Timing side-channel in HMAC verification via memcmp() in crypto_hmac.cc leads to potential MAC forgery

Node.js Permission Model bypass: UDS server bind/listen works without `--allow-net`

Denial of Service via `proto` header name in `req.headersDistinct` (Uncaught `TypeError` crashes Node.js process)

CVE-2024-36137 Patch Bypass - FileHandle.chmod/chown

Memory leak in Node.js HTTP/2 server via WINDOW_UPDATE on stream 0 leads to resource exhaustion